palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

🔥 delete unused images
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m27s
Details

Browse source
This commit is contained in:
Ingolf Wagner 2024-10-19 14:17:05 +09:00
parent 4b12e04e15
commit 70b76d149a
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
13 changed files with 0 additions and 658 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

148
images/lib/remote-access.nix
View file

@ -1,148 +0,0 @@
{
# cat ~/.ssh/id_rsa.pub
publicSshKey ? "",
# remote-install-get-hiddenReceiver
hiddenReceiver ? "",
}:
{
config,
lib,
pkgs,
...
}:
{
imports = [
{
# system setup
networking.hostName = "liveos";
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ publicSshKey ];
};
};
}
{
# installed packages
environment.systemPackages = with pkgs; [
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
nmap
#stuff for dl
aria2
#neat utils
pciutils
psmisc
tmux
usbutils
git
#unpack stuff
p7zip
unzip
unrar
#data recovery
ddrescue
ntfs3g
dosfstools
];
}
{
# bash configuration
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};
}
{
# ssh configuration
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
}
{
# hidden ssh announce
config =
let
torDirectory = "/var/lib/tor";
hiddenServiceDir = torDirectory + "/onion/hidden-ssh";
in
{
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.hidden-ssh = {
version = 3;
map = [
{
port = 22;
target.port = 22;
}
];
};
};
systemd.services.hidden-ssh-announce = {
description = "irc announce hidden ssh";
after = [
"tor.service"
"network-online.target"
];
wants = [ "tor.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = pkgs.writers.writeDash "irc-announce-ssh" ''
set -efu
until test -e ${hiddenServiceDir}/hostname; do
echo "still waiting for ${hiddenServiceDir}/hostname"
sleep 1
done
until ${pkgs.tor}/bin/torify ${pkgs.netcat-openbsd}/bin/nc -z ${hiddenReceiver} 1337; do sleep 1; done && \
echo "torify ssh root@$(cat ${hiddenServiceDir}/hostname) -i ~/.ssh/id_rsa" | ${pkgs.tor}/bin/torify ${pkgs.nmap}/bin/ncat ${hiddenReceiver} 1337
'';
PrivateTmp = "true";
User = "tor";
Type = "oneshot";
};
};
};
}
];
}

61
images/machine-init-configuration.nix
View file

@ -1,61 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
(import ./disko-config.nix { })
];
networking.hostName = "nixos";
boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "4750e4b8";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
environment.systemPackages = with pkgs; [
vim
wget
htop
silver-searcher
];
environment.extraInit = ''
# use vi shortcuts
# ----------------
set -o vi
EDITOR=vim
'';
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

19
images/remote-install/README.md
View file

@ -1,19 +0,0 @@
# remote installation iso
- `./config.nix` : to generate the installation image
- `./remote-service.nix` : tor configuration you have to start on your machine.
## Steps
- import `./remote-service.nix` in your `/etc/nixos/configuration.nix`
- `nixos-rebuild switch`
- run `remote-install-get-hiddenReceiver` and enter the result in `./config.nix`
as `hiddenReceiver`
- set the public key in `./config.nix`
- run `nixos-generate -f install-iso -c ./config.nix`
- prepare the usb stick : `sudo if=<path of the iso> of=/dev/<device> bs=4096`
- boot the usb-stick at the new machine
- run `remote-install-start-service`
- after some time you will see a you can use to login to the new machine.
Now you can do the normal installations procedure.

35
images/remote-install/config.nix
View file

@ -1,35 +0,0 @@
{ pkgs, lib, ... }:
let
remote-access = import ../lib/remote-access.nix {
# cat ~/.ssh/id_rsa.pub
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
# remote-install-get-hiddenReceiver
hiddenReceiver = "";
};
in
{
imports = [ remote-access ];
# network configuration
# ---------------------
# no wifi
#networking.networkmanager.enable = true;
# wifi
networking.wireless.enable = true;
networking.wireless.networks."ssid".psk = "password";
# configuration
environment.extraInit = ''
# use vi shortcuts
# ----------------
set -o vi
EDITOR=vim
'';
}

18
images/remote-install/remote-install.nix
View file

@ -1,18 +0,0 @@
# installs scripts and tor to provide an announcement service for nixos-remote installation.
{
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.liveos.map = [ { port = 1337; } ];
};
environment.systemPackages = [
(pkgs.writeShellScriptBin "remote-install-start-service" ''
echo "starting announcment server to receive remote-install iso onion id"
${pkgs.nmap}/bin/ncat -k -l -p 1337
'')
(pkgs.writeShellScriptBin "remote-install-get-hiddenReceiver" ''
sudo cat /var/lib/tor/onion/liveos/hostname
'')
];
}

34
images/translate-setup/README.md
View file

@ -1,34 +0,0 @@
# Create a easy to use Image for translation
using [nixos-generators](https://github.com/nix-community/nixos-generators).
## generate easy to use iso
```
nixos-generate -f install-iso -c config.nix
```
## generate vmware image
```
nixos-generate -f vmware -c config.nix
```
## run locally using qcow
```
nixos-generate --run -c config.nix
```
## how to install nixos-generators
```
nix-shell -I nixpkgs=channel:nixos-unstable -p nixos-generators
```
## how to start download service
```
iptables -F # kill firewall
python -m http.server 80 # nix-shell -p python3Full
```

22
images/translate-setup/audio.nix
View file

@ -1,22 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
users.users.mainUser.extraGroups = [
"audio"
"pipewire"
];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
environment.systemPackages = with pkgs; [
alsaUtils
pavucontrol
];
}

63
images/translate-setup/config.nix
View file

@ -1,63 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
imports = [
./x11.nix
./audio.nix
];
#networking.networkmanager.enable = true;
#networking.wireless.enable = false;
# configuration
environment.extraInit = ''
# use vi shortcuts
# ----------------
set -o vi
EDITOR=vim
'';
services.xserver.displayManager.sessionCommands = ''
${pkgs.mumble}/bin/mumble mumble://name@lassul.us/party/hard &
${pkgs.vlc}/bin/vlc &
${pkgs.pavucontrol}/bin/pavucontrol &
'';
networking.hostName = "translate";
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};
}

60
images/translate-setup/x11.nix
View file

@ -1,60 +0,0 @@
{
pkgs,
config,
lib,
...
}:
{
services.xserver = {
enable = true;
desktopManager = {
xterm.enable = false;
xfce.enable = true;
};
displayManager = {
defaultSession = "xfce";
sddm = {
enable = true;
autoLogin = {
enable = true;
relogin = true;
user = config.users.users.mainUser.name;
};
};
sessionCommands = ''
${pkgs.mumble}/bin/mumble &
${pkgs.vlc}/bin/vlc &
${pkgs.pavucontrol}/bin/pavucontrol &
'';
};
# mouse/touchpad
# --------------
libinput = {
enable = true;
disableWhileTyping = true;
tapping = true;
scrollMethod = "twofinger";
accelSpeed = "2";
};
};
users.users.mainUser = {
isNormalUser = true;
name = "translator";
uid = 1001;
initialPassword = "translate";
};
# Packages
# --------
environment.systemPackages = with pkgs; [
flameshot
pavucontrol
mumble
vlc
];
}

58
images/usb-init-configuration.nix
View file

@ -1,58 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hostName = "nixos";
# grub configuraton
# -----------------
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "/dev/sdb";
boot.loader.grub.efiInstallAsRemovable = true;
boot.tmpOnTmpfs = true;
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
environment.systemPackages = with pkgs; [
vim
wget
htop
silver-searcher
];
environment.extraInit = ''
# use vi shortcuts
# ----------------
set -o vi
EDITOR=vim
'';
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

14
images/windows-rescue/README.md
View file

@ -1,14 +0,0 @@
# To Fix Windows Issues
## reset password
- use `sfdisk -l` to list partitions
- find the partition which holds `Windows/System32/config`
- mount it `mkdir -p /media/sda2; mount /dev/sda2 /media/sda2`
- `cd /media/sda2/Windows/System32/config`
- list SAM database `chntpw -l SAM`
- edit SAM database `chntpw -i SAM`
- reboot
more details
[here](https://opensource.com/article/18/3/how-reset-windows-password-linux).

51
images/windows-rescue/config.nix
View file

@ -1,51 +0,0 @@
# NixOS livesystem to reset windows passwords
# Step by step guide : https://opensource.com/article/18/3/how-reset-windows-password-linux
# $ nixos-generator -f iso -c config.nix
{ pkgs, ... }:
let
wifi = {
ssid = "";
plainTextPassword = "";
};
remote-access = import ../lib/remote-access.nix {
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
hiddenReceiver = "";
};
in
{
imports = [ remote-access ];
environment.systemPackages = [
pkgs.chntpw
pkgs.ntfs3g
];
networking.dhcpcd.enable = true;
networking.wireless = {
enable = true;
networks."${wifi.ssid}".psk = wifi.plainTextPassword;
};
environment.extraInit = ''
# use vi shortcuts
# ----------------
set -o vi
EDITOR=vim
'';
services.xserver = {
enable = true;
displayManager.auto.enable = true;
desktopManager = {
default = "xfce";
xterm.enable = false;
xfce.enable = true;
xfce.extraSessionCommands = ''
${pkgs.midori}/bin/midori https://opensource.com/article/18/3/how-reset-windows-password-linux &
${pkgs.xfce.terminal}/bin/xfce4-terminal &
'';
};
};
}

75
images/yubikey-image.nix
View file

@ -1,75 +0,0 @@
# NixOS livesystem to generate yubikeys in an air-gapped manner
# screenshot: https://dl.thalheim.io/wmxIqucOEo2xuLk0Ut45fQ/yubikey-live-system.png
# $ nix-shell -p nixos-generate --run "nixos-generate -f iso -c yubikey-image.nix"
{ pkgs, ... }:
let
guide = pkgs.stdenv.mkDerivation {
name = "yubikey-guide-2019-01-21.html";
src = pkgs.fetchFromGitHub {
owner = "drduh";
repo = "YubiKey-Guide";
rev = "035d98ebbed54a0218ccbf23905054d32f97508e";
sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
};
buildInputs = [ pkgs.pandoc ];
installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
};
in
{
environment.interactiveShellInit = ''
export GNUPGHOME=/run/user/$(id -u)/gnupghome
if [ ! -d $GNUPGHOME ]; then
mkdir $GNUPGHOME
fi
cp ${
pkgs.fetchurl {
url = "https://raw.githubusercontent.com/drduh/config/662c16404eef04f506a6a208f1253fee2f4895d9/gpg.conf";
sha256 = "118fmrsn28fz629y7wwwcx7r1wfn59h3mqz1snyhf8b5yh0sb8la";
}
} "$GNUPGHOME/gpg.conf"
echo "\$GNUPGHOME has been set up for you. Generated keys will be in $GNUPGHOME."
'';
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-personalization-gui
yubikey-manager
yubikey-manager-qt
cryptsetup
pwgen
midori
paperkey
gnupg
ctmg
];
services.udev.packages = with pkgs; [ yubikey-personalization ];
services.pcscd.enable = true;
users.extraUsers.root.initialHashedPassword = "";
# make sure we are air-gapped
networking.wireless.enable = false;
networking.dhcpcd.enable = false;
services.getty.helpLine = "The 'root' account has an empty password.";
services.displayManager = {
defaultSession = "xfce";
autoLogin = {
enable = true;
user = "root";
};
};
services.xserver = {
enable = true;
desktopManager = {
xterm.enable = false;
xfce.enable = true;
};
displayManager = {
sessionCommands = ''
${pkgs.midori}/bin/midori ${guide} &
'';
};
};
}